
SANS ISC: Invision Board being exploited - SANS Internet Storm Center SANS ISC InfoSec Forums

Invision Board being exploited
On May 21st we reported a vulnerability in Invision Power Board. To be honest I didn't know much about it, or about the number of sites using it. Well, now I know at least a BIG one that was using it as a forum for its customers. We are still contacting the website owner, so I won't mention it here. But the case is that it was vulnerable and was exploited.
Now, when you visit it, it will try to push a .wmf exploit to you.

The iframes on that page were redirecting to HTTP : // and HTTP : // .

Those websites were redirecting to HTTP : //  and HTTP : // .

Which would try to push the .WMF exploit to you...

Fortunately, all AV vendors at Virustotal recognize the exploit, and at least McAfee and Symantec will trigger an alert when you are visiting this forum page.

Handler on Duty: Pedro Bueno ( pbueno /&&/ isc. sans. org )


Jun 1st 2006
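
A defender-side check for the situation described in this diary, added here as an example and not part of the original post: it lists iframes on a forum page whose source is a host other than the forum itself or an allowlisted one. The function names, the sample page and the `.example` hosts are constructed for illustration, and marking zero-size or hidden frames is an assumption about injected frames, not something the diary states.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample page: two legitimate frames and two injected ones.
SAMPLE_PAGE = """<html><body>
<div class="post">Welcome to the support forum</div>
<iframe src="/index.php?act=shoutbox" width="300" height="200"></iframe>
<iframe src="http://media.forum.example/player" width="400" height="300"></iframe>
<iframe src="http://redirector-one.example/in.php" width="0" height="0"></iframe>
<IFRAME SRC="//redirector-two.example/go" style="display: none"></IFRAME>
</body></html>"""


class IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> start tag."""

    def __init__(self):
        super().__init__()
        self.frames = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag == "iframe":
            self.frames.append({k: (v or "") for k, v in attrs})


def offsite_iframes(html, page_url, allowed_hosts=()):
    """Return (src, host, hidden) for iframes pointing outside the trusted hosts."""
    trusted = {urlparse(page_url).hostname, *allowed_hosts}
    collector = IframeCollector()
    collector.feed(html)
    findings = []
    for attrs in collector.frames:
        # Resolve relative and protocol-relative sources against the page URL.
        src = urljoin(page_url, attrs.get("src", ""))
        host = urlparse(src).hostname
        if host is None or host in trusted:
            continue  # same-site, allowlisted, or no network host (about:blank)
        style = attrs.get("style", "").replace(" ", "").lower()
        hidden = (attrs.get("width") in ("0", "1") or attrs.get("height") in ("0", "1")
                  or "display:none" in style or "visibility:hidden" in style)
        findings.append((src, host, hidden))
    return findings


if __name__ == "__main__":
    for src, host, hidden in offsite_iframes(
            SAMPLE_PAGE, "http://forum.example/index.php", {"media.forum.example"}):
        print(f"off-site iframe -> {host} hidden={hidden} src={src}")
```

Run against saved copies of forum templates and rendered pages, any finding that is not on the allowlist is worth tracing back to the template or database row that emitted it.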
